<?php
/*post gets and deletes here aren't likely to be used by a frontend*/
/*maybe shouldnt be part of the api*/
function friendrequest(){
	global $_SGET,$_SPOST,$_SREQUEST;
	global $auid,$valid;
	$id=$_REQUEST['id'];
	if ($valid){
		if ($_SERVER['REQUEST_METHOD']=="GET"){
			$res="[";
			if (isset($id)){
				$sth = mysql_query("SELECT f2 FROM friendrequests WHERE (f1=$auid OR f2=$auid) AND (f1=$id or f2=$id)");
				while($r = mysql_fetch_assoc($sth)) {
					$res.= $r['f1'].",";
				}
			}else{
				$sth = mysql_query("SELECT f2 FROM friendrequests WHERE f1=$auid");
				while($r = mysql_fetch_assoc($sth)) {
					$res.=$r['f2'].",";
				}
				$sth = mysql_query("SELECT f1 FROM friendrequests WHERE f2=$auid");
				while($r = mysql_fetch_assoc($sth)) {
					$res.= $r['f1'].",";
				}
			}
			$res=rtrim($res,',');
			$res.="]";
			print $res;
		}
		if ($_SERVER['REQUEST_METHOD']=="POST"){
			$id=$_SREQUEST['id'];
			$result= @mysql_query("INSERT INTO `friendrequests` (`id`,`f1`,`f2`) VALUES (NULL,'$auid','$id')");
			if (mysql_affected_rows()){
				header("HTTP/1.0 200 OK");
			}else{
				header("HTTP/1.0 400 BAD REQUEST");
			}
		}
		//if ($_SERVER['REQUEST_METHOD']=="PUT"){}
		if ($_SERVER['REQUEST_METHOD']=="DELETE"){
			$id=$_SREQUEST['id'];
			$result= @mysql_query("DELETE * FROM `friendrequests` WHERE (f1=$auid OR f2=$auid) AND (f1=$id OR f2=$id)");
			if (mysql_affected_rows()){
				header("HTTP/1.0 200 OK");
			}else{
				header("HTTP/1.0 400 BAD REQUEST");
			}
		}
	}else{
		header("HTTP/1.0 401 UNAUTHORIZED");
	}
}
?>